Add performance tuning for nextcloud app

Fix nextcloud cron jobs never being run

resources/nginx/nextcloud-proxy.conf

@@ -1,50 +1,88 @@
 server {
         listen 80;
         root /usr/share/nginx/nextcloud;
-        index index.php index.html index.htm;
+        index index.php index.html index.htm /index.php$request_uri;
 
-        location / {
+        client_max_body_size 4G;
+        fastcgi_buffers 64 4k;
+
+        gzip on;
+        gzip_vary on;
+        gzip_comp_level 4;
+        gzip_min_length 256;
+        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+        add_header Referrer-Policy                      "no-referrer"   always;
+        add_header X-Content-Type-Options               "nosniff"       always;
+        add_header X-Download-Options                   "noopen"        always;
+        add_header X-Frame-Options                      "SAMEORIGIN"    always;
+        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
+        add_header X-Robots-Tag                         "none"          always;
+        add_header X-XSS-Protection                     "1; mode=block" always;
+
+        # Remove X-Powered-By, which is an information leak
+        fastcgi_hide_header X-Powered-By;
+
+        location = / {
+            if ( $http_user_agent ~ ^DavClnt ) {
+                return 302 /remote.php/webdav/$is_args$args;
+            }
+        }
+
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location ^~ /.well-known {
+            location = /.well-known/carddav  { return 301 /remote.php/dav/; }
+            location = /.well-known/caldav   { return 301 /remote.php/dav/; }
+            location ^~ /.well-known         { return 301 /index.php$uri; }
             try_files $uri $uri/ =404;
         }
 
+        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
         location ~ [^/]\.php(/|$) {
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-            if (!-f $document_root$fastcgi_script_name) {
-                return 404;
-            }
+            set $path_info $fastcgi_path_info;
 
+            try_files $fastcgi_script_name =404;
+
+            include fastcgi_params;
+            fastcgi_intercept_errors on;
+            fastcgi_request_buffering off;
+
+            fastcgi_param  SCRIPT_FILENAME          /var/www/html/$fastcgi_script_name;
+            fastcgi_param  PATH_INFO                $path_info;
+            fastcgi_param  DOCUMENT_ROOT            /var/www/html/;
+            fastcgi_param  modHeadersAvailable      true;
+            fastcgi_param  front_controller_active  true;
+            fastcgi_param  HTTPS                    $https;
+            fastcgi_param  REDIRECT_STATUS          200;
             # Mitigate https://httpoxy.org/ vulnerabilities
-            fastcgi_param HTTP_PROXY "";
+            fastcgi_param  HTTP_PROXY               "";
 
             fastcgi_pass server:9000;
-            fastcgi_index index.php;
+        }
 
-            fastcgi_param   QUERY_STRING            $query_string;
-            fastcgi_param   REQUEST_METHOD          $request_method;
-            fastcgi_param   CONTENT_TYPE            $content_type;
-            fastcgi_param   CONTENT_LENGTH          $content_length;
+        location ~ \.(?:css|js|svg|gif)$ {
+            try_files $uri /index.php$request_uri;
+            expires 6M;
+            access_log off;
+        }
 
-            fastcgi_param   SCRIPT_FILENAME         /var/www/html$fastcgi_script_name;
-            fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
-            fastcgi_param   PATH_INFO               $fastcgi_path_info;
-            fastcgi_param   PATH_TRANSLATED         /var/www/html$fastcgi_path_info;
-            fastcgi_param   REQUEST_URI             $request_uri;
-            fastcgi_param   DOCUMENT_URI            $document_uri;
-            fastcgi_param   DOCUMENT_ROOT           /var/www/html/;
-            fastcgi_param   SERVER_PROTOCOL         $server_protocol;
+        location ~ \.woff2?$ {
+            try_files $uri /index.php$request_uri;
+            expires 7d;
+            access_log off;
+        }
 
-            fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
-            fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;
-
-            fastcgi_param   REMOTE_ADDR             $remote_addr;
-            fastcgi_param   REMOTE_PORT             $remote_port;
-            fastcgi_param   SERVER_ADDR             $server_addr;
-            fastcgi_param   SERVER_PORT             $server_port;
-            fastcgi_param   SERVER_NAME             $server_name;
-
-            fastcgi_param   HTTPS                   $https;
-
-            # PHP only, required if PHP was built with --enable-force-cgi-redirect
-            fastcgi_param   REDIRECT_STATUS         200;
+      location / {
+          try_files $uri $uri/ /index.php$request_uri;
       }
+
 }